Leaderboard

@Gushterul Offtopic: Da. A avut o perioada pe la inceputul anului, cand nu prea s-a simtit bine, dar acum este in regula. Actualizez pe blog ce mai face, insa nu asa des ca inainte, pentru ca acum face tomografiile o data la 6 luni, nu la 3 luni ca inainte. De pe la inceputul lui 2016 am eu grija de el cu cheltuielile, asa cum este si normal, sa nu-i lipseasca vitamina C si alte lucruri care-i pot prelungi viata. Stateam si ma gandeam la o chestie: sunt persoane care s-au operat odata cu el, o singura data, nu de doua ori ca el si care intre timp nu mai sunt printre noi. Au urmat si ele acelasi tratament ca tata, insa, din pacate, nu a fost sa fie. Asta inseamna ca poate toate lucrurile alea pe care le-am discutat impreuna si le-am cumparat cu voi, baieti destepti, l-au ajutat sa fie in viata si acum. O sa va respect toata viata pentru ce ati facut pentru el si va mai multumesc inca o data acum.

http://fuzzysecurity.com/tutorials.html Sursa: https://blog.g0tmi1k.com/2013/08/cracking-perimeter-ctp-offensive/ Exploit Development (Tutorials) https://www.corelan.be/index.php/articles/*Highly Recommend* http://fuzzysecurity.com/tutorials.html*Highly Recommend* Exploit Development (Vulnerable Code) http://exploit-exercises.com/protostar http://exploit-exercises.com/fusion Exploit Development (Misc) sickn3ss ~ http://ihazomgsecurityskillz.blogspot.com/ OpenSecurity ~ http://opensecuritytraining.info/Training.html Books The Shellcoder's Handbook [ISBN-13: 978-0-76454-468-2] ~ http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/0764544683 Bug Hunter's Diary [ISBN-13: 978-1-59327-385-9] ~ http://nostarch.com/bughunter The Art of Exploitation (2nd Edition) [ISBN-13: 978-1-59327-144-2] ~ http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 The Web Application Hacker's Handbook (2nd Edition) [ISBN-13: 978-1-11802-647-2] ~ http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 Metasploit: The Penetration Tester's Guide [ISBN-13: 978-159-3-27288-3] ~ http://www.amazon.com/Metasploit-Penetration-Testers-David-Kennedy/dp/159327288X Brute Force Vulnerability Discovery [ISBN-13: 978-032-1-44611-4] ~ http://www.amazon.com/Fuzzing-Brute-Force-Vulnerability-Discovery/dp/0321446119 Assembly Language Step-by-Step: Programming with Linux [ISBN-13: 978-047-04-9702-9] ~ http://www.amazon.com/Assembly-Language-Step-Step-Programming/dp/0470497025 Learning OllyDBG Lena's Reversing for Newbies ~ http://tuts4you.com/download.php?list.17 OllyDbg Tutorials ~ http://tuts4you.com/download.php?list.29 OllyDbg Plugins ~ http://tuts4you.com/download.php?list.3 OpenRCE ~ http://www.openrce.org/downloads/ Learning GDB SecurityTube's SLAE (SecurityTube Linux Assembly Expert) course ~ http://www.securitytube-training.com/online-courses/securitytube-linux-assembly-expert/index.html Learning IDA Pro IDA Pro Disassembler & Debugger ~ http://tuts4you.com/download.php?list.67 Free IDA Pro Binary Auditing Training Material for University Lectures ~ http://www.binary-auditing.com/

Varianta PowerShell pentru utilizatorii Windows care nu doresc sa instaleze MareleSharpe $request = Invoke-WebRequest -Uri 'https://www.vpnbook.com/'; if( $request.StatusCode -ne 200 ) { Write-Error -Message $('Failed to access website. StatusCode ' + $request.StatusCode + ': ' + $request.StatusDescription + '.' ); break; } if( $request.RawContent -inotmatch 'username:\s+([\w\d]+)' ) { Write-Error -Message 'Failed to find username.'; break; } $username = $Matches[1]; if( $request.RawContent -inotmatch 'password:\s+([\w\d]+)' ) { Write-Error -Message 'Failed to find password.'; break; } $password = $Matches[1]; Set-Content -Path "D:\vpn_book.txt" -Force -Value $($username + "`r`n" + $password) -NoNewline -Encoding ASCII

UPDATE : Cont FB 2500+ prieteni Pm oferte

Nu ai ce face cu lista e plină de minori

@aelius

Author: @dronesec and @breenmachine Article: https://foxglovesecurity.com/2017/08/25/abusing-token-privileges-for-windows-local-privilege-escalation/ Skip to content Blog About FoxGlove Security The Team Posted onAugust 25, 2017 Abusing Token Privileges For Windows Local Privilege Escalation By @dronesec and @breenmachine This a project my friend drone <@dronesec> and I have been poking at for quite some time and are glad to finally be releasing. As the title implies, we’re going to be looking at leveraging Windows access tokens with the goal of local privilege escalation. For those familiar with some of my previous work on “Rotten Potato” this might sound familiar, however drone and I took this 10 steps further. In this post I’m simply going to be providing a summary of the work. The full article and all associated code can be found at: https://github.com/hatRiot/token-priv. This post is going to be broken into two sections, the first for penetration testers and red teamers, and the second for exploit developers. For the Red Team Like the “Rotten Potato” project, this project will be useful for penetration testing and red team scenarios where an attacker has gained access to a non-administrative service account and is looking to elevate privileges to “SYSTEM”. If you recall from the “Rotten Potato” project, in order for the original attack to work, your account needed to have the “SeImpersonatePrivilege”, or “SeAssignPrimaryPrivilege”. Drone and I decided to look at what other privileges could be abused to gain SYSTEM level access and were able to find a whole collection of them! If this is where your interest lies, feel free to skip to sections 3.1 and 3.3 of the paper linked above and take a look at the published code. Each of the modules is associated with a specific privilege and will get you SYSTEM level access or something almost as good. Here is the list of privileges that we were able to abuse: SeImpersonatePrivilege SeAssignPrimaryPrivilege SeTcbPrivilege SeBackupPrivilege SeRestorePrivilege SeCreateTokenPrivilege SeLoadDriverPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege From a penetration testing perspective, simply type “whoami /priv” at a Windows command prompt. If you have one of the above privileges, you win. It may be beneficial to hunt for specific service accounts that have these privileges. For example if you can gain access to the Backup service account, it will almost certainly have the SeBackupPrivilege and SeRestorePrivilege. Gaining access to these service accounts can be accomplished in a number of ways including the following: The service itself is compromised through some vulnerability. Typical scenarios include web application vulnerabilities which allow execution in the context of the account running IIS, and SQL injection vulnerabilities where XP_CMDSHELL can be used to run code in the context of the SQL service account. Service account credentials are leaked in some way. Kerberoast style attacks. A Kerberos ticket is requested for the target account from the domain controller. Part of this ticket is encrypted using the target account’s password hash. This can be efficiently cracked offline to yield the account password. Forcing NTLM negotiation. For example, with a backup service, if you were to force it to backup an SMB share that is served up by Responder.py. As always, you may need to be creative here. For further details, please see the paper in the GitHub repository https://github.com/hatRiot/token-priv. For the Exploit Devs This project was originally conceived by drone as a tool for exploit developers to greatly simplify the exploitation of partial write vulnerabilities. Partial write vulnerabilities are those where we can write something to a chosen location in memory, however we may not control the value being written. The idea here is to abuse the partial write to flip some bits in your users token, thus enabling one of the exploitable privileges. From this point forward, the “exploitation” of the vulnerability involves abusing intended (albeit undocumented) behavior of a series of Windows API calls. The advantage of this type of strategy for abusing partial writes is that it evades all of the new kernel exploit mitigations! Drone shows in the paper how he was able to greatly simplify the exploits for some recent partial write vulnerabilities. The other great thing is that the exploit code is completely portable. Once the right bits are flipped in the token, the exploit developer needs only to run one of the modules from our project. For further details, please see the paper in the GitHub repository https://github.com/hatRiot/token-priv.

Tare asta !

@M4T3! Nu am vandut niciodata linkuri pe blog, nici nu vand si am grija de trimiterile pe care le fac. Am doar doua site-uri in blogroll: un blogger si RST. Oferta mea: un an de zile, dofollow, index, blogroll, gratis. In semn de multumire ca l-ai ajutat pe tatal meu. Nu v-am uitat, va am in lista. Daca pot sa ajut, ajut. Daca esti de acord, da-mi un mesaj privat cu site-ul. Sunt sigur ca este in regula, insa vreau sa arunc o privire pe el, sa ma asigur eu.

Vand cont de F.B. 5000+ de prieteni creat in ianuarie 2015 in ultimele 24 de ore am primit 3000 de cereri de prietenie contu are potential maxim prieteni majoritatea romani ! P.M pe cine intereseaza !

pentru @wirtz

mai am eu niste conturi in plus, sunt cu activitate zilnica de peste un an.. iar pretul pleaca de la 10€/ cont

BinaryAlert: Serverless, Real-time & Retroactive Malware Detection BinaryAlert is an open-source serverless AWS pipeline where any file uploaded to an S3 bucket is immediately scanned with a configurable set of YARA rules. An alert will fire as soon as any match is found, giving an incident response team the ability to quickly contain the threat before it spreads. Features: Built with Amazon Web Services (AWS): An AWS account is all you need to deploy BinaryAlert. Broad YARA Support: Add your own YARA rules and/or automatically clone them from third-party repos. PE, math, and hash YARA modules are supported. Real-Time: Files uploaded to BinaryAlert (S3 bucket) are immediately queued for analysis. Serverless: All computation is handled by Lambda functions. No servers to manage means stronger security and automatic scaling! Infrastructure-as-Code: The entire infrastructure is described with Terraform configuration files, enabling anyone to deploy BinaryAlert in a matter of minutes with a single command. Retroactive Analysis: After updating the YARA ruleset, BinaryAlert will retroactively scan the entire file corpus to find any new matches. Easily Configurable: BinaryAlert configuration is managed in a single Terraform variables file. Quality Code: Written in Python3 with unit tests and linting to ensure a clean and reliable codebase. Low Cost: The AWS bill is based only on how many files are analyzed. Quick Start: Install dependencies Install Python3.6, pip3, virtualenv, and Terraform. Create a virtual environment: virtualenv -p python3 venv Activate the virtual env: source venv/bin/activate Install third-party libraries: pip3 install -r requirements.txt If the installation encounters problems finding openssl.h, try export CFLAGS='-I/usr/local/opt/openssl/include' before the install. Configure settings Set your AWS credentials using any method supported by Terraform. The two simplest options are to run aws configure (saves ~/.aws/credentials file) or export AWS_DEFAULT_REGION="region-name" export AWS_ACCESS_KEY_ID="access-key" export AWS_SECRET_ACCESS_KEY="secret-key" Fill out the base configuration options in terraform.tfvars Deploy: python3 manage.py deploy In order to receive YARA match alerts, you must manually subscribe to the generated SNS topics. Go to the SNS console and add a subscription to the *_binaryalert_yara_match_alerts topic (which receives YARA match alerts) and the *_binaryalert_metric_alarms topic (which receives CloudWatch alerts if the service is down). SNS supports a variety of subscription endpoints, including email and SMS. SNS subscriptions must be confirmed by the destination, which is why this step can't be automated by Terraform. That's it! Now any file you upload to the BinaryAlert S3 bucket will automatically trigger YARA analysis and you can rest easier knowing that your files are safe. CLI Tool: manage.py: For simplicity, BinaryAlert management commands are bundled together in manage.py. Usage: python3 manage.py [--help] [command] YARA RULES: YARA rules are stored in the rules/ folder. See rules/README.md for more information about adding and updating YARA rules. Architecture: The organization collects files and delivers them to their BinaryAlert S3 bucket. Files of interest could include executable binaries, email attachments, documents, etc. Every file uploaded to the S3 bucket is immediately queued for analysis. A dispatching Lambda function runs every minute, grouping files into batches and invoking up to dozens of analyzers in parallel. Each analyzer scans its files using a list of pre-compiled YARA rules. YARA matches are saved to DynamoDB and an alert is sent to an SNS topic. We use StreamAlert to dispatch these alerts, but other organizations can instead consume the alerts via email or any other supported SNS subscription. For retroactive analysis, a batching Lambda function enqueues the entire S3 bucket to be re-analyzed. Configurable CloudWatch alarms will trigger if any BinaryAlert component is behaving abnormally. This will notify a different SNS topic than the one used for YARA match alerts. Updating Pip Packages: The exact pip3 package versions used are frozen in requirements.txt. However, to make upgrading packages easier, requirements_top_level.txt contains only the top-level packages required by BinaryAlert. To upgrade the package requirements, pip3 install -r requirements_top_level.txt --upgrade pip3 freeze > requirements.txt Directory Overview: lambda_functions: Source code for each BinaryAlert Lambda function. rules: Collection of public and private YARA rules. terraform: AWS infrastructure represented as Terraform configuration files. tests: Unit tests amd mocks. Links: Announcement Post Twitter (unofficial) Slack (unofficial) Download binaryalert-master.zip Source: https://github.com/airbnb/binaryalert

site-urile de filme online sunt ok recomand xmovies8.ru sau kingmovies.to , dar daca vrei sa folosesti popcorn ( preferatul meu ) cel mai bine folosesti un vpn

In romania pirartai fara probleme si n-am avut nevoie de vpn dar aici am auzit ca e serioasa treaba anyway nu voi pirata filme sau muzica dar inca o intrebare, site-uri-le cu seriale online free sau gen popcorn time sunt ok?

hcpxread is an interactive tool made to view, parse, and export .hccapx files. You can learn more about the HCCAPX format from the official docs. Long story short, Features Interactive menu Reads and outputs AP data Shows summary of the loaded access points Usage $ go get github.com/vlad-s/hcpxread $ hcpxread _ _ | |__ ___ _ ____ ___ __ ___ __ _ __| | | '_ \ / __| '_ \ \/ / '__/ _ \/ _` |/ _` | | | | | (__| |_) > <| | | __/ (_| | (_| | |_| |_|\___| .__/_/\_\_| \___|\__,_|\__,_| |_| Usage of hcpxread: -capture file The HCCAPX file to read -debug Show additional, debugging info Note: debugging will disable clearing the screen after an action. Example $ hcpxread -capture wpa.hccapx INFO[0000] Opened file for reading name=wpa.hccapx size="6.5 KB" INFO[0000] Searching for HCPX headers... INFO[0000] Finished searching for headers indexes=17 INFO[0000] Summary: 17 networks, 0 WPA/17 WPA2, 16 unique APs 1. [WPA2] XXX B0:48:7A:BF:07:A4 2. [WPA2] XXXXX 08:10:77:5B:AC:ED ... 17. [WPA2] XXXXXXXXXX 64:70:02:9E:4D:1A 99. Export 0. Exit network > 1 Key Version |ESSID |ESSID length |BSSID |Client MAC WPA2 |XXX |3 |B0:48:7A:BF:07:A4 |88:9F:FA:89:10:2E Handshake messages |EAPOL Source |AP message |STA message |Replay counter match M1 + M2 |M2 |M1 |M2 |true ... Asciicast https://asciinema.org/a/H4pUedh9z9sLHH5iZuWouxeZU Github https://github.com/vlad-s/hcpxread

Lista de prieteni alu Pomohaci o are cineva ?

Văzut

Ti-am dat Pm Pro13

Sources: https://github.com/doadam/ziVA https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ ziVA An iOS kernel exploit designated to work on all 64-bit iOS devices <= 10.3.1 More general information https://blog.zimperium.com/zimperium-zlabs-ios-security-advisories/ https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/ Offsets modifications for other iOS devices Like a lot (if not most) of the iOS kernel exploits, this also requires offsets for each iOS device and version. Those will be posted in the close future (when I get more time) but should be acquired from AppleAVEDriver (you can get a hint on the offsets from the comments above them). Sandbox escape Like mentioned, AppleAVEDriver direct access requires sandbox escape (either mediaserverd sandbox context or no sandbox at all). Fortunately, Sandbox escape exploits have been released by P0, which means this can be used to completely compromise a kernel, and a step towards a full jailbreak. Is it a Jailbreak? This is a crucial part in a Jailbreak chain, but this never aimed to become a Jailbreak. Is this going to be a jailbreak? Maybe, if someone wants to work on that Credits Credit for finding the vulnerabilities, chaining them together, writing the exploit go to Adam Donenfeld (@doadam). Special thanks to Zuk Avraham (@ihackbanme), Yaniv Karta (@shokoluv) and the rest of the Zimperium team for the opportunity (and the paycheck). Proof of Concept: https://github.com/doadam/ziVA https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/42555.zip Sursa: https://www.exploit-db.com/exploits/42555/

R is a language and environment for statistical computing and graphics. It is a GNU project which is similar to the S language and environment which was developed at Bell Laboratories (formerly AT&T, now Lucent Technologies) by John Chambers and colleagues. R can be considered as a different implementation of S. There are some important differences, but much code written for S runs unaltered under R. R provides a wide variety of statistical (linear and nonlinear modelling, classical statistical tests, time-series analysis, classification, clustering, …) and graphical techniques, and is highly extensible. The S language is often the vehicle of choice for research in statistical methodology, and R provides an Open Source route to participation in that activity. One of R’s strengths is the ease with which well-designed publication-quality plots can be produced, including mathematical symbols and formulae where needed. Great care has been taken over the defaults for the minor design choices in graphics, but the user retains full control. R is available as Free Software under the terms of the Free Software Foundation’s GNU General Public License in source code form. It compiles and runs on a wide variety of UNIX platforms and similar systems (including FreeBSD and Linux), Windows and MacOS. In this introduction to R, you will master the basics of this beautiful open source language, including factors, lists and data frames. With the knowledge gained in this course, you will be ready to undertake your first very own data analysis. With over 2 million users worldwide R is rapidly becoming the leading programming language in statistics and data science. Every year, the number of R users grows by 40% and an increasing number of organizations are using it in their day-to-day activities. Leverage the power of R by completing this free R online course today! Link: https://www.datacamp.com/courses/free-introduction-to-r?utm_source=fb_paid&utm_medium=fb_desktop&utm_campaign=fb_ppa

Dap ți-am dat pm

Mai vinde cineva conturi de FB ?

eu mi-am luat vpn de sla purevpn , merge ok il folosesc de pe linux , si am dat disable la upload , momentan dupa 6 luni nici o amenda ...

500 GB programming resources: https://drive.google.com/drive/folders/0ByWO0aO1eI_MN1BEd3VNRUZENkU

Ca orice serviciu gratuit si cel oferit de https://www.vpnbook.com/ are mici "imperfectiuni", in cazul de fata, unul din ele fiind necesitatea de a vizita site-ul in mod regulat pentru obtinerea datelor de login. Prin aceasta automatizare vom elimina acest mic dezavantaj. Se presupune ca este folosit open vpn Modificarea fisierului config (Locatie: C:\Program Files\OpenVPN\config\) - pentru utilizarea datelor de logare dintr-un fisier - in fisierul ".ovpn" vom inlocui linia: auth-user-pass cu : auth-user-pass "D:\\vpn_book.txt" Automatizare: #Python 2.7 import urllib2 import re vpn = "http://www.vpnbook.com/" response = urllib2.urlopen(vpn) data = response.read() u = re.search("Username: (\w+)<", data) if u: utilizator = u.group(1) p = re.search("Password: (\w+)<", data) if p: parola = p.group(1) with open("D:\\vpn_book.txt", "w") as login_file: login_file.write(utilizator +"\n" + parola) login_file.close() La fiecare rulare a scriptului de mai sus datele de login din fisierul d:\\vpn_book.txt for fi improspatate

Information Security Interview Questions Daniel Miessler Information Security Interview Questions Home » Study » Information Security Interview Questions The Philosophy of Technical Interviews Encryption Security Wisdom Network Security Application Security Business Risk The Onion Model The Role-playing Model Innovation Questions What follows is a list of questions for use in vetting candidates for positions in Information Security. The list has evolved over the years, as I think it should, and I think represents a good balance between technical content and the philosophy around desired answers. [ For overall InfoSec career advice, be sure to check out my new article titled: How to Build a Successful Information Security Career ] THE PHILOSOPHY OF TECHNICAL INTERVIEWS Perhaps the worst mistake you can make when doing technical interviews is filtering people out that you shouldn’t due to fetishization of the interview process and an unfounded belief in the correlation between answers to the questions and a potential employee’s performance. Google figured this out many years ago, and they started focusing on scenario and behavior-based interviews instead of those based on specific (gotcha) nuggets of information. They figured out it’s not about asking hard things that can easily be looked up, but rather understanding how people approach problems, what their talents and interests are, and what work they have done in the past. Sadly this is not yet understood by most interviewers and HR departments, and they’re still stuck in the mode of asking magic questions and looking for their favorite pet answers. The process has been shown to be highly biased, with interviews basically looking for people who fit their particular model of good (which usually matches something like themselves). Google found that this doesn’t work. It has no mapping to success as an employee whatsoever. I rely on the data more than my anecdotes, but as someone who’s given many, many technical interviews, I can tell you that this is consistent with my experience. I’ve hired people who are star performers that effectively failed at these questions, and we have people who crushed them and floundered once hired. The lesson here is not to avoid technical questions: It’s that you need to be cautious of the tendency to fetishize them and your own interviewing skills, and realize that different roles have different requirements for success that may or may not correlate with the questions you’re asking. Anyway, with that said, here are the questions. ENCRYPTION DESCRIBE THE PROCESS OF A TLS SESSION BEING SET UP WHEN SOMEONE VISITS A SECURE WEBSITE. WISDOM ARE OPEN-SOURCE PROJECTS MORE OR LESS SECURE THAN PROPRIETARY ONES? The answer to this question is often very telling about a given candidate. It shows 1) whether or not they know what they’re talking about in terms of development, and 2) it really illustrates the maturity of the individual (a common theme among my questions). My main goal here is to get them to show me pros and cons for each. If I just get the “many eyes” regurgitation then I’ll know he’s read Slashdot and not much else. And if I just get the “people in China can put anything in the kernel” routine then I’ll know he’s not so good at looking at the complete picture. The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are), and most importantly — quality control. In short, there’s no way to tell the quality of a project simply by knowing that it’s either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps. HOW DO YOU CHANGE YOUR DNS SETTINGS IN LINUX/WINDOWS? Here you’re looking for a quick comeback for any position that will involve system administration (see system security). If they don’t know how to change their DNS server in the two most popular operating systems in the world, then you’re likely working with someone very junior or otherwise highly abstracted from the real world. WHAT’S THE DIFFERENCE BETWEEN ENCODING, ENCRYPTION, AND HASHING? Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input. WHAT’S MORE SECURE, SSL OR HTTPS? Trick question: these are not mutually exclusive. Look for a smile like they caught you in the cookie jar. If they’re confused, then this should be for an extremely junior position. CAN YOU DESCRIBE RAINBOW TABLES? Look for a thorough answer regarding overall password attacks and how rainbow tables make them faster. WHAT IS SALTING, AND WHY IS IT USED? You purposely want to give the question without context. If they know what salting is just by name, they’ve either studied well or have actually been exposed to this stuff for a while. WHO DO YOU LOOK UP TO WITHIN THE FIELD OF INFORMATION SECURITY? WHY? A standard question type. All we’re looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that’ll tell you one thing, and if they name a few of the pioneers that’ll say another. If they don’t know anyone in Security, we’ll consider closely what position you’re hiring them for. Hopefully it isn’t a junior position. WHERE DO YOU GET YOUR SECURITY NEWS FROM? Here I’m looking to see how in tune they are with the security community. Answers I’m looking for include things like Team Cymru, Reddit, Twitter, etc. The exact sources don’t really matter. What does matter is that he doesn’t respond with, “I go to the CNET website.”, or, “I wait until someone tells me about events.”. It’s these types of answers that will tell you he’s likely not on top of things. IF YOU HAD TO BOTH ENCRYPT AND COMPRESS DATA DURING TRANSMISSION, WHICH WOULD YOU DO FIRST, AND WHY? If they don’t know the answer immediately it’s ok. The key is how they react. Do they panic, or do they enjoy the challenge and think through it? I was asked this question during an interview at Cisco. I told the interviewer that I didn’t know the answer but that I needed just a few seconds to figure it out. I thought out loud and within 10 seconds gave him my answer: “Compress then encrypt. If you encrypt first you’ll have nothing but random data to work with, which will destroy any potential benefit from compression. WHAT’S THE DIFFERENCE BETWEEN SYMMETRIC AND PUBLIC-KEY CRYPTOGRAPHY Standard stuff here: single key vs. two keys, etc, etc. IN PUBLIC-KEY CRYPTOGRAPHY YOU HAVE A PUBLIC AND A PRIVATE KEY, AND YOU OFTEN PERFORM BOTH ENCRYPTION AND SIGNING FUNCTIONS. WHICH KEY IS USED FOR WHICH FUNCTION? You encrypt with the other person’s public key, and you sign with your own private. If they confuse the two, don’t put them in charge of your PKI project. WHAT KIND OF NETWORK DO YOU HAVE AT HOME? Good answers here are anything that shows you he’s a computer/technology/security enthusiast and not just someone looking for a paycheck. So if he’s got multiple systems running multiple operating systems you’re probably in good shape. What you don’t want to hear is, “I get enough computers when I’m at work…” I’ve yet to meet a serious security guy who doesn’t have a considerable home network–or at least access to one, even if it’s not at home. WHAT ARE THE ADVANTAGES OFFERED BY BUG BOUNTY PROGRAMS OVER NORMAL TESTING PRACTICES? You should hear coverage of many testers vs. one, incentivization, focus on rare bugs, etc. WHAT ARE YOUR FIRST THREE STEPS WHEN SECURING A LINUX SERVER? Their list isn’t key here (unless it’s bad); the key is to not get panic. WHAT ARE YOUR FIRST THREE STEPS WHEN SECURING A WINDOWS SERVER? Their list isn’t key here (unless it’s bad); the key is to not get panic. WHO’S MORE DANGEROUS TO AN ORGANIZATION, INSIDERS OR OUTSIDERS? Ideally you’ll hear inquiry into what’s meant by “dangerous”. Does that mean more likely to attack you, or more dangerous when they do? WHY IS DNS MONITORING IMPORTANT? If they’re familiar with infosec shops of any size, they’ll know that DNS requests are a treasure when it comes to malware indicators. NETWORK SECURITY WHAT PORT DOES PING WORK OVER? A trick question, to be sure, but an important one. If he starts throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol (it doesn’t work over a port) A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols. DO YOU PREFER FILTERED PORTS OR CLOSED PORTS ON YOUR FIREWALL? Look for a discussion of security by obscurity and the pros and cons of being visible vs. not. There can be many signs of maturity or immaturity in this answer. HOW EXACTLY DOES TRACEROUTE/TRACERT WORK AT THE PROTOCOL LEVEL? This is a fairly technical question but it’s an important concept to understand. It’s not natively a “security” question really, but it shows you whether or not they like to understand how things work, which is crucial for an Infosec professional. If they get it right you can lighten up and offer extra credit for the difference between Linux and Windows versions. The key point people usually miss is that each packet that’s sent out doesn’t go to a different place. Many people think that it first sends a packet to the first hop, gets a time. Then it sends a packet to the second hop, gets a time, and keeps going until it gets done. That’s incorrect. It actually keeps sending packets to the final destination; the only change is the TTL that’s used. The extra credit is the fact that Windows uses ICMP by default while Linux uses UDP. WHAT ARE LINUX’S STRENGTHS AND WEAKNESSES VS. WINDOWS? Look for biases. Does he absolutely hate Windows and refuse to work with it? This is a sign of an immature hobbyist who will cause you problems in the future. Is he a Windows fanboy who hates Linux with a passion? If so just thank him for his time and show him out. Linux is everywhere in the security world. CRYPTOGRAPHICALLY SPEAKING, WHAT IS THE MAIN METHOD OF BUILDING A SHARED SECRET OVER A PUBLIC MEDIUM? Diffie-Hellman. And if they get that right you can follow-up with the next one. WHAT’S THE DIFFERENCE BETWEEN DIFFIE-HELLMAN AND RSA? Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable. WHAT KIND OF ATTACK IS A STANDARD DIFFIE-HELLMAN EXCHANGE VULNERABLE TO? Man-in-the-middle, as neither side is authenticated. APPLICATION SECURITY DESCRIBE THE LAST PROGRAM OR SCRIPT THAT YOU WROTE. WHAT PROBLEM DID IT SOLVE? All we want to see here is if the color drains from the guy’s face. If he panics then we not only know he’s not a programmer (not necessarily bad), but that he’s afraid of programming (bad). I know it’s controversial, but I think that any high-level security guy needs some programming skills. They don’t need to be a God at it, but they need to understand the concepts and at least be able to muddle through some scripting when required. HOW WOULD YOU IMPLEMENT A SECURE LOGIN FIELD ON A HIGH TRAFFIC WEBSITE WHERE PERFORMANCE IS A CONSIDERATION? We’re looking for a basic understanding of the issue of wanting to serve the front page in HTTP, while needing to present the login form via HTTPs, and how they’d recommend doing that. A key piece of the answer should center around avoidance of the MiTM threat posed by pure HTTP. Blank stares here mean that they’ve never seen or heard of this problem, which means they’re not likely to be anything near pro level. WHAT ARE THE VARIOUS WAYS TO HANDLE ACCOUNT BRUTE FORCING? Look for discussion of account lockouts, IP restrictions, fail2ban, etc. WHAT IS CROSS-SITE REQUEST FORGERY? Not knowing this is more forgivable than not knowing what XSS is, but only for junior positions. Desired answer: when an attacker gets a victim’s browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically). HOW DOES ONE DEFEND AGAINST CSRF? Nonces required by the server for each page or each request is an accepted, albeit not foolproof, method. Again, we’re looking for recognition and basic understanding here–not a full, expert level dissertation on the subject. Adjust expectations according to the position you’re hiring for. IF YOU WERE A SITE ADMINISTRATOR LOOKING FOR INCOMING CSRF ATTACKS, WHAT WOULD YOU LOOK FOR? This is a fun one, as it requires them to set some ground rules. Desired answers are things like, “Did we already implement nonces?”, or, “That depends on whether we already have controls in place…” Undesired answers are things like checking referrer headers, or wild panic. WHAT’S THE DIFFERENCE BETWEEN HTTP AND HTML? Obviously the answer is that one is the networking/application protocol and the other is the markup language, but again, the main thing you’re looking for is for him not to panic. HOW DOES HTTP HANDLE STATE? It doesn’t, of course. Not natively. Good answers are things like “cookies”, but the best answer is that cookies are a hack to make up for the fact that HTTP doesn’t do it itself. WHAT EXACTLY IS CROSS SITE SCRIPTING? You’d be amazed at how many security people don’t know even the basics of this immensely important topic. We’re looking for them to say anything regarding an attacker getting a victim to run script content (usually JavaScript) within their browser. WHAT’S THE DIFFERENCE BETWEEN STORED AND REFLECTED XSS? Stored is on a static page or pulled from a database and displayed to the user directly. Reflected comes from the user in the form of a request (usually constructed by an attacker), and then gets run in the victim’s browser when the results are returned from the site. WHAT ARE THE COMMON DEFENSES AGAINST XSS? Input Validation/Output Sanitization, with focus on the latter. CORPORATE/RISK WHAT IS THE PRIMARY REASON MOST COMPANIES HAVEN’T FIXED THEIR VULNERABILITIES? This is a bit of a pet question for me, and I look for people to realize that companies don’t actually care as much about security as they claim to–otherwise we’d have a very good remediation percentage. Instead we have a ton of unfixed things and more tests being performed. Look for people who get this, and are ok with the challenge. WHAT’S THE GOAL OF INFORMATION SECURITY WITHIN AN ORGANIZATION? This is a big one. What I look for is one of two approaches; the first is the über-lockdown approach, i.e. “To control access to information as much as possible, sir!” While admirable, this again shows a bit of immaturity. Not really in a bad way, just not quite what I’m looking for. A much better answer in my view is something along the lines of, “To help the organization succeed.” This type of response shows that the individual understands that business is there to make money, and that we are there to help them do that. It is this sort of perspective that I think represents the highest level of security understanding—-a realization that security is there for the company and not the other way around. WHAT’S THE DIFFERENCE BETWEEN A THREAT, VULNERABILITY, AND A RISK? As weak as the CISSP is as a security certification it does teach some good concepts. Knowing basics like risk, vulnerability, threat, exposure, etc. (and being able to differentiate them) is important for a security professional. Ask as many of these as you’d like, but keep in mind that there are a few differing schools on this. Just look for solid answers that are self-consistent. IF YOU WERE TO START A JOB AS HEAD ENGINEER OR CSO AT A FORTUNE 500 COMPANY DUE TO THE PREVIOUS GUY BEING FIRED FOR INCOMPETENCE, WHAT WOULD YOUR PRIORITIES BE? [IMAGINE YOU START ON DAY ONE WITH NO KNOWLEDGE OF THE ENVIRONMENT] We don’t need a list here; we’re looking for the basics. Where is the important data? Who interacts with it? Network diagrams. Visibility touch points. Ingress and egress filtering. Previous vulnerability assessments. What’s being logged an audited? Etc. The key is to see that they could quickly prioritize, in just a few seconds, what would be the most important things to learn in an unknown situation. AS A CORPORATE INFORMATION SECURITY PROFESSIONAL, WHAT’S MORE IMPORTANT TO FOCUS ON: THREATS OR VULNERABILITIES? This one is opinion-based, and we all have opinions. Focus on the quality of the argument put forth rather than whether or not they they chose the same as you, necessarily. My answer to this is that vulnerabilities should usually be the main focus since we in the corporate world usually have little control over the threats. Another way to take that, however, is to say that the threats (in terms of vectors) will always remain the same, and that the vulnerabilities we are fixing are only the known ones. Therefore we should be applying defense-in-depth based on threat modeling in addition to just keeping ourselves up to date. Both are true, of course; the key is to hear what they have to say on the matter. THE ONION MODEL The questions above are fairly straightforward. They are, generally, negative filters, i.e. they’re designed to excluded candidates for having glaring weaknesses. If you are dealing with a more advanced candidate then one approach I recommend taking is that of the onion model. The Onion Model of interviewing starts at the surface level and then dives deeper and deeper—often to a point that the candidate cannot go. This is terrifically revealing, as it shows not only where a candidate’s knowledge stops, but also how they deal with not knowing something. One component of this cannot be overstated: Using this method allows you to dive into the onion in different ways, so even candidates who have read this list, for example, will not have perfect answers even if you ask the same question. An example of this would be starting with: How does traceroute work? They get this right, so you go to the next level. What protocol does it use? This is a trick question, as it can use lots of options, depending on the tool. Then you move on. Describe a Unix traceroute hitting google.com at all seven layers of the OSI model. Etc. It’s deeper and deeper exploration of a single question. Here’s a similar option for the end-phase of such a question. IF I’M ON MY LAPTOP, HERE INSIDE MY COMPANY, AND I HAVE JUST PLUGGED IN MY NETWORK CABLE. HOW MANY PACKETS MUST LEAVE MY NIC IN ORDER TO COMPLETE A TRACEROUTE TO TWITTER.COM? The key here is that they need to factor in all layers: Ethernet, IP, DNS, ICMP/UDP, etc. And they need to consider round-trip times. What you’re looking for is a realization that this is the way to approach it, and an attempt to knock it out. A bad answer is the look of WTF on the fact of the interviewee. This could be asked as a final phase of a multi-step protocol question that perhaps starts with the famous, “What happens when I go to Google.com?” HOW WOULD YOU BUILD THE ULTIMATE BOTNET? Answers here can vary widely; you want to see them cover the basics: encryption, DNS rotation, the use of common protocols, obscuring the heartbeat, the mechanism for providing updates, etc. Again, poor answers are things like, “I don’t make them; I stop them.” ROLE-PLAYING AS AN ALTERNATIVE TO THE ONION MODEL Another option for going to increasing depth, is to role-play with the candidate. You present them a problem, and they have to troubleshoot. I had one of these during an interview and it was quite valuable. You would tell them, for example, that they’ve been called in to help a client who’s received a call from their ISP stating that one or more computers on their network have been compromised. And it’s their job to fix it. They are now at the client site and are free to talk to you as the client (interviewing them), or to ask you as the controller of the environment, e.g. “I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 8.8.8.8.” And you can then say yes or no, etc. From there they continue to troubleshooting/investigating until they solve the problem or you discontinue the exercise due to frustration or pity. INNOVATION QUESTIONS At the top tier of technical security roles you may want someone who is capable of designing as well as understanding. In these cases you can also ask questions about design flaws, how they would improve a given protocol, etc. These questions separate good technical people from top technical people, and I imagine less than 1% of those in infosec would even attempt to answer any of these. Here are a few examples: What are the primary design flaws in HTTP, and how would you improve it? If you could re-design TCP, what would you fix? What is the one feature you would add to DNS to improve it the most? What is likely to be the primary protocol used for the Internet of Things in 10 years? If you had to get rid of a layer of the OSI model, which would it be? [ NOTE: You can ask infinite variations of these, of course. Asking for three options instead of one, or asking them to rank the results, etc. ] It’s important to note with these questions that you could have a superstar analyst who knows nothing about these matters while someone who is at this level would make a poor forensic expert. It’s all about matching skills to roles. CONCLUSION For more on hiring overall, I recommend doing a good amount of research. Most important to learn, as I talked about above, is the limitations of interviews. Use other data available to you whenever possible, and above everything else: Be extremely cautious of anyone who thinks they can spot “the one” because they’re good at it.. Bias is a major problem in interviewing, and it’s likely that someone with a steadfast belief in his or her interview brilliance is doing harm to your organization by introducing bad candidates. When possible, do what Google did: Explore the data. Look at how candidates did in interviews relative to how they did on the job. Wherever you have mismatches you have a problem with your process. Feel free to contact me if you have any comments on the questions, or if you have an ideas for additions. CREATED: MARCH 2007 | UPDATED: JUNE 2017 NOTES Here is an article about Google revealing the ineffectiveness of their brainteaser questions. As a hiring organization, be cautious of any interviewer that has an ego or attitude. The odds of you getting any good data from them is low. The name of the game is reducing bias, and that type has a lot of it. Also beware that any interviewee who is extremely nervous is not performing their best. As an interviewer your job should be to get them relaxed enough to perform the way they will at work, and to reduce any tension that’s preventing that from happening. Always try to combine any interview with a work sample, and/or great reference data. I have had these questions asked to me on numerous interviews. It’s quite humorous when they find out they’re reading from my website. The June 2017 update was a rewrite based on an evolving view of technical interviews. Check out the Philosophy section above to learn about that evolution. A key question you should be asking yourself with these types of questions is whether it’s something they should know off the top of their head, or if it’s something they should be able to research quickly and find out. If it’s the latter, then why are we asking them to recite it from memory? That’s the old style of interviewing, and it is not effective in predicting real-world success. LEAVE A COMMENT OR SHARE Twitter Facebook LinkedIn Mail No related posts. NEWSLETTER Every Sunday I put out a list of the most interesting stories in infosec, technology, and humans. I do the research, you get the benefits. Over 10K subscribers. Support more content like this… RSS Twitter Github Facebook Netsparker: find vulnerabilities in your web applications before someone else does. RECOMMENDED No related posts. NEWSLETTER Every Sunday I put out a list of the most interesting stories in infosec, technology, and humans. I do the research, you get the benefits. Over 10K subscribers. SUPPORT THE SITE © Daniel Miessler 1999-2017 Share Stack Privacy Media 1071565 sursa: https://danielmiessler.com/study/infosec_interview_questions/#gs.591eTk0

Offtopic: tatal tau e ok?

https://www.it-sec-catalog.info/ Available from https://it-sec-catalog.info/ and https://www.gitbook.com/book/arthurgerkis/it-sec-catalog. About this project This is a catalog of links to articles on computer security — software and hardware analysis and vulnerability exploitation, shellcode development and security mitigations, including computer security research, and malware stuff. Slides are not included (there is other project for that). Advisories without much details are also not included. All articles are only in English. Project is running since 2010. Author and contributors Author of this project: Arthur (ax330d) Gerkis, contributors: Nitay Artenstein, Joe (j0echip) Chip. Thanks to everyone who helped with the project.

Neata , Am stat o zi citind rubrica de "bine ati venit " si dupa o zi de lucru grea m-am intors acasa si sageata de la mouse parca s-a dus singura la primul post , scris de pyth0n3 si imediat mam prins in jocu' lui si chiar nu vreau sa scriu un singur rand despre mine pentru ca iubesc prea mult internetul , linux , berea , iarba , cateodata si cate-o baza de date de pe la vreun inspectorat de politie , oricat de frumoasa este viata pentru mine, viata inseamna calculator . App eu sunt draqu13 , despre nume nu am nici o descriere . El e descrierea perfecta Am avut contact cu calculatoru de pe la varsta de 7 ani tinand cont ca eu am 23 de ani , la varsta de 10 ani in 2003 am descoperit ABAC sau internet caffe unde am inceput sa ma joc MU . 11 ani mai tarziu in 2014 m-am lasat de MU pentru BLACK TRACK si acu mai am CD piratate . Sincer am 3 ani de cand sunt in kkt asta imi place , scoala nu prea am ! Momentan sunt la seral clasa a 12 si incerc sa imi termin scoala pentru a progresa. Imi doresc un viitor in IT nu vreau sa fac altceva cu viata mea . Am invatat totul de la 0 , singuru' prieten a fost youtube asa am invatat despre brutal force , sql injection , baza de date , putin html , DOSS , clonare , playload , wi-fi si cat de usor ma pot uita la tine in casa cu ajutorul webului tau . Imi place aici intre cabluri , securitate si placi de baza ! Sper sa imi fac prieteni aici de la care pot invata pentru ca am vazut ca este numa lume faina , daca ar fi dupa mine as da un cui fiecaruia dintre voi ! P.S. Hey Fuking Salut Draqu La Tastarua !

Analyzing Man-in-the-Browser (MITB) Attacks The Matrix is real and living inside your browser. How do you ask? In the form of malware that is targeting your financial institutions. Though, the machines creating this malware do not have to target the institution, rather your Internet browser. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. Download: https://www.sans.org/reading-room/whitepapers/forensics/analyzing-man-in-the-browser-mitb-attacks-35687